TECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE
|
|
- Muriel Patrick
- 6 years ago
- Views:
Transcription
1 TECHNICAL NOTE CLEARPASS PROFILING QUICK START GUIDE REVISION HISTORY Revised By Date Changes Dennis Boas Aug 2016 Version 1 initial release 1344 CROSSMAN AVE SUNNYVALE, CA ARUBA T: FAX: info@arubanetworks.com
2 TABLE OF CONTENTS ClearPass Profiling Quick Start Guide... 1 Introduction... 3 Enable ClearPass Device Profiling... 3 Passive Collectors... 3 DHCP... 3 HTTP User-Agent... 4 Aruba Controller Configuration... 4 ClearPass IF-MAP Enable... 5 Cisco Device Sensor... 5 Basic Configuration needed... 5 Enable ClearPass Interim Accounting... 5 Configure Cisco Switch... 6 MAC OUI... 7 TCP Fingerprinting... 7 Active Collectors... 7 Subnet Scan... 8 Set Scan Interval... 8 Configure ClearPass Profile Settings... 8 Example Profile Results
3 Introduction ClearPass uses a series of collectors to profile devices. These collectors receive information about each device and profile it for Device Category, Device OS family, Device Name, and Host Name. These device attributes can then be used to assign the correct authorization roles to the device. Configuring profiling is a two-step process: (1) the network infrastructure has to be configured to send device profiling information to ClearPass, and (2) ClearPass needs to be enabled to process the information. This paper presents a quick start guide for how to configure a basic ClearPass test environment. For more detailed information on ClearPass profiling refer to the ClearPass Profiling Tech Note on the Aruba support site. 1 Enable ClearPass Device Profiling Enable device profiling on at least one ClearPass node in each zone. Passive Collectors Passive Collectors monitor and analyze information either sent directly to ClearPass or received on a ClearPass span port. DHCP The DHCP collector analyzes DHCP DISCOVER and REQUEST messages and uses DHCP fingerprints to profile the sending device. The ClearPass DHCP collector is automatically enabled when Enable Profiling is selected. Network switches and controllers need to be configured to forward the DHCP packets to ClearPass. ClearPass will use the DHCP packets to profile the device, but ClearPass is not a DHCP server. Example switch configurations. 3
4 HPE-3800 switch running KA_16_ DHCP Relay Configuration: vlan <id> ip helper-address <ClearPass Server IP address> dhcp-snooping vlan <id> Cisco 3750 switch running IOS Version 12.2(55)SE4 DHCP Relay Configuration: ip dhcp relay information trust-all ip dhcp snooping vlan <vlan range> interface vlan <ID> ip address <ip and mask> ip helper-address <ClearPass IP address> Note: If the ClearPass server has a span port configured it will also use DHCP packets received on that port for profiling. Switches or network taps can be configured to mirror traffic to the ClearPass span port. HTTP User-Agent In some cases, DHCP fingerprints alone cannot fully classify a device. A common example is the Apple family of smart devices; DHCP fingerprints cannot distinguish between an Apple ipad and an iphone. In these scenarios, User-Agent strings sent by browsers in the HTTP protocol are useful to further refine classification results. User-Agent strings are collected from: ClearPass Guest ClearPass Onboard Aruba controller through IF-MAP interface Guest and Onboard automatically collect User-Agent strings The IF-MAP interface needs to be enabled on the ClearPass server and configured on the Aruba Controller Aruba Controller Configuration Configure the IF-MAP interface on the Aruba controller: (host) (config) #ifmap (host) (config) #ifmap cppm (host) (CPPM IF-MAP Profile) #server host <host> port <port> username <username> passwd <psswd> (host) (CPPM IF-MAP Profile) #enable 4
5 ClearPass IF-MAP Enable Enable IF-MAP profiling on ClearPass by going to Administration > Server Manager > Server Configuration > Cluster-Wide Parameters Cisco Device Sensor The Device Sensor feature is used to gather raw endpoint data from network devices using protocols such as Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), DHCP and HTTP User-Agent info. All these attributes are sent to ClearPass using RADIUS accounting packets. Upon receiving the accounting data, the RADIUS server will post these inputs to profiler for analysis. This allows endpoints to be profiled without needing IP helper configurations or SPAN ports. Basic Configuration needed: Enable ClearPass Interim Accounting packets update Accounting configuration on Cisco NAD Enable IOS sensor on Cisco NAD Enable ClearPass Interim Accounting Enable logging of RADIUS Accounting packets by going to Administration > Server Manager > Server Configuration > [SERVER] > Service Parameters > RADIUS Server 5
6 Configure Cisco Switch Cisco switch Device Sensor configuration: 6
7 For additional details refer to the Cisco Cevice Sensor Configuration Guide. MAC OUI A connecting device s MAC OUI is automatically collected and can be useful for classifying endpoints. An example is Android devices, where DHCP fingerprints can only classify a device as a generic Android device, but cannot provide more detail about the vendor. Combining the DHCP information with the MAC OUI, the profiler can classify a device as HTC Android, Samsung Android, Motorola Android, etc. The MAC OUI is also useful to profile devices such as printers which may be configured with static IP addresses. TCP Fingerprinting When enabled, ClearPass will analyze the SYN, SYN-ACK handshakes using the open source TCP fingerprint databases pf0.fp and pf0fa.fp (SYN, and SYN-ACK respectively). Looking at the SYN packet allows ClearPass to determine which device (client) is connecting. Looking at the SYN-ACK allows ClearPass to derive what the actual server (target) is. TCP Traffic must be mirrored by network switches and controllers to the SPAN port on the ClearPass server. To enable this feature on a 500 or 5K appliance, the Data Port must not be in use. On a 25K appliance, one of the other spare interfaces can be used. Within a VM environment, if the DATA Port is being used then the ability to use TCP Fingerprinting is not an option. Active Collectors Active collectors use protocols like SNMP, SSH and WMI to collect device attributes for use in profiling. Active collection is especially useful for discovering and profiling statically addressed devices. 7
8 Subnet Scan ClearPass uses subnet scans to discover and profile devices with statically assigned IP addresses. Scans are automatically run every day or can be run on demand. For each scanned address ClearPass will: If port 22 is open, attempt to use SSH to login and gather additional data If port 135 is open, attempt to use WMI to login and gather additional data If port 161 is open, attempt to query SNMP information If port 135 and 3389 is open, assume that the endpoint is Windows-based Set Scan Interval By default subnet scans are run once a day but the interval is configurable by going to Administration > Server Manager > Server Configuration > Cluster-Wide Parameters Configure ClearPass Profile Settings To configure Subnet scans, you must configure Profile Settings in Configuration > Profile Settings: Define the subnets to scan Add SNMP credentials Add SSH credentials Add WMI Domain credentials 8
9 Configure Subnets Select the Policy Manager Zone and add the subnet or subnets for scanning. Subnets are added as a comma separated list. Note: do not end the line with a carriage return. To scan a single host use the /32 mask. Configure SNMP Credentials On the SNMP Configuration tab, click Add SNMP Configuration. You can add as many IP subnets or IP addresses as needed. Each can have its own set of credentials. In this example, we have configured two subnets with different SNMP credentials. 9
10 It is also possible to configure multiple sets of credentials for the same subnet as shown below. 10
11 Configure SSH Credentials SSH credentials are configured per subnet or with multiple sets of credentials per subnet. Go the SSH Configuration tab and click Add Configuration. 11
12 Configure WMI Credentials To add WMI credentials, go to the WMI Configuration tab and click Add Configuration. WMI credentials are used to sign into Windows Domain-joined machines and probe for additional profile information. Multiple credentials can be configured for each subnet and Domain. 12
13 Initiate On Demand Scan Configure an on-demand subnet scan by clicking the On-Demand Subnet Scan link. Enter a comma-separated list of subnets and click Submit. Example Profile Results In this example the host IP is dynamically assigned so DHCP fingerprinting can be used. In addition, the profiler found port 3389 open. Port 3389 is used by Windows Remote Desktop. 13
14 This example shows a server with a statically assigned IP address. This means that DHCP fingerprinting is not an option. The server does support SNMP so the SNMP System Description is used to profile the server. Note that the Server Name is also shown but is not used in the standard fingerprint. Device name could be used in a user-defined custom fingerprint. This switch is statically addressed and since we don't see any SNMP attributes, either SNMP is not enabled or the more likely reason is that the SNMP credentials are not correct. The CLI credentials were accepted and the SSH device name provides the profiling information 14
15 This RAP was profiled based on CDP, SNMP and DHCP attributes. 15
16 16
Tech Note: ClearPass Profiling Version 1.1 October 2014
Tech Note: ClearPass Profiling Version 1.1 October 2014 Version Date Modified By Comments 1.0 June 2014 Danny Jump Initial Published Version 1. 1.1 October 2014 Danny Jump Updated details for ActiveSync
More informationTech Note: ClearPass Profiling Version 1.2 July 2015
Tech Note: ClearPass Profiling Version 1.2 July 2015 Version Date Modified By Comments 1.0 June 2014 Danny Jump Initial Published Version 1. 1.1 October 2014 Danny Jump Updated details for ActiveSync to
More informationConfiguring Client Profiling
Prerequisites for, page 1 Restrictions for, page 2 Information About Client Profiling, page 2, page 3 Configuring Custom HTTP Port for Profiling, page 4 Prerequisites for By default, client profiling will
More informationNetwork Function Property Algorithm. CounterACT Technical Note
Table of Contents About the Network Function Property... 3 Network Function Algorithm Criteria... 4 1. Manual Classification... 4 2. Managed CounterACT Appliance... 4 3. Managed Endpoint... 4 4. Switch
More informationA. Post-Onboarding. the device wit be assigned the BYOQ-Provision firewall role in me Aruba Controller.
Volume: 98 Questions Question: 1 Based on the ClearPass and Aruba Controller configuration settings for On boarding shown, which statement accurate describes an employee's new personal device connecting
More informationSecure wired and wireless networks with smart access control
Secure wired and wireless networks with smart access control Muhammad AbuGhalioun Senior Presales Consultant Hewlett-Packard Enterprise Aruba Saudi Arabia Managing risk in today s digital enterprise Increasingly
More informationONE POLICY. Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013
ONE POLICY Tengku Shahrizam, CCIE Asia Borderless Network Security 20 th June 2013 Agenda Secure Unified Access with ISE Role-Based Access Control Profiling TrustSec Demonstration How ISE is Used Today
More informationProvide One Year Free Update!
QUESTION & ANSWER HIGHER QUALITY, BETTER SERVICE Provide One Year Free Update! https://www.passquestion.com Exam : ACCP-v6.2 Title : Aruba Certified Clearpass Professional v6.2 Version : DEMO 1 / 7 1.Which
More informationClearPass and MaaS360 Integration Guide. MaaS360. Integration Guide. ClearPass. ClearPass and MaaS360 - Integration Guide 1
ClearPass and MaaS360 Integration Guide MaaS360 ClearPass Integration Guide ClearPass and MaaS360 - Integration Guide 1 ClearPass and MaaS360 Integration Guide Change Log Version Date Modified By Comments
More informationForescout. Configuration Guide. Version 8.1
Forescout Version 8.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationPort Mirroring in CounterACT. CounterACT Technical Note
Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint
More informationHow to Discover Live Network
NetBrain Integrated Edition How to Discover Live Network Version 7.0 Last Updated 2017-05-26 Copyright 2004-2017 NetBrain Technologies, Inc. All rights reserved. How to Discover Live Network The live network
More informationPulse Policy Secure. Profiler. Deployment Guide 5.4R3. Product Release Document Version. Published
Pulse Policy Secure Profiler Deployment Guide Product Release Document Version Published 5.4R3 October 2017 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 www.pulsesecure.net Pulse Secure
More informationACCP-V6.2Q&As. Aruba Certified Clearpass Professional v6.2. Pass Aruba ACCP-V6.2 Exam with 100% Guarantee
ACCP-V6.2Q&As Aruba Certified Clearpass Professional v6.2 Pass Aruba ACCP-V6.2 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee 100% Money Back
More informationClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead
ClearPass Ecosystem Tomas Muliuolis HPE Aruba Baltics lead 2 Changes in the market create paradigm shifts 3 Today s New Behavior and Threats GenMobile Access from anywhere? BYOD Trusted or untrusted? Bad
More informationCisco ISE Ports Reference
Cisco ISE Infrastructure Cisco ISE Infrastructure, on page 1 Cisco ISE Administration Node Ports, on page 2 Cisco ISE Monitoring Node Ports, on page 4 Cisco ISE Policy Service Node Ports, on page 6 Cisco
More informationConfiguring APIC Accounts
This chapter contains the following sections: Adding an APIC Account, page 1 Viewing APIC Reports, page 3 Assigning an APIC account to a Pod, page 15 Handling APIC Failover, page 15 Adding an APIC Account
More informationTECHNICAL NOTE MSM & CLEARPASS HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016
HOW TO CONFIGURE HPE MSM CONTROLLERS WITH ARUBA CLEARPASS VERSION 3, JUNE 2016 CONTENTS Introduction... 5 MSM and AP Deployment Options... 5 MSM User Interfaces... 6 Assumptions... 7 Network Diagram...
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Cisco Secure Access Solutions. Version: Demo
Vendor: Cisco Exam Code: 300-208 Exam Name: Implementing Cisco Secure Access Solutions Version: Demo QUESTION 1 By default, how many days does Cisco ISE wait before it purges the expired guest accounts?
More informationCisco ISE Ports Reference
Cisco ISE Infrastructure, page 1 Cisco ISE Administration Node Ports, page 2 Cisco ISE Monitoring Node Ports, page 4 Cisco ISE Policy Service Node Ports, page 5 Cisco ISE pxgrid Service Ports, page 10
More informationForescout. Configuration Guide. Version 2.2
Forescout Version 2.2 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationNetwork Configuration Example
Network Configuration Example Configuring Authentication and Enforcement Using SRX Series Services Gateways and Aruba ClearPass Policy Manager Modified: 2016-08-01 Juniper Networks, Inc. 1133 Innovation
More informationCisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller
Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller For Comments, please email: howtoguides@external.cisco.com Current Document Version: 3.0 August 27, 2012 Table
More informationCounterACT DHCP Classifier Plugin
CounterACT DHCP Classifier Plugin Version 2.0.7 and Above Table of Contents About the CounterACT DHCP Classifier Plugin... 3 What to Do... 3 Requirements... 4 Install the Plugin... 4 Concepts, Components,
More informationIntelligent Edge Protection
Intelligent Edge Protection Sicherheit im Zeitalter von IoT und Mobility September 26, 2017 Flexible consumption Beacons, sensors and geo-positioning Driven by agile DevOps Mobile users, apps and devices
More informationPulse Policy Secure. Profiler Administrator Guide. Product Release 9.0R1 Document Version 1.0
Pulse Policy Secure Profiler Administrator Guide Product Release 9.0R1 Document Version 1.0 Published April 2018 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose, CA 95134 www.pulsesecure.net Pulse
More informationTECHNICAL NOTE UWW & CLEARPASS HOW-TO: CONFIGURE UNIFIED WIRELESS WITH CLEARPASS. Version 2
HOW-TO: CONFIGURE UNIFIED WIRELESS WITH CLEARPASS Version 2 CONTENTS Introduction... 7 Background information... 7 Requirements... 7 Network diagram... 7 VLANs... 8 Switch configuration... 8 Initial setup...
More informationIntegration Guide. Auvik
Integration Guide Auvik Revised: 27 February 2017 About This Guide Guide Type Documented Integration WatchGuard or a Technology Partner has provided documentation demonstrating integration. Guide Details
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST \ http://www.pass4test.com We offer free update service for one year Exam : HPE2-Z39 Title : Fast Track - Applying Aruba Switching Fundamentals for Mobility Vendor : HP Version : DEMO Get Latest
More informationForeScout CounterACT. Plugin. Configuration Guide. Version 2.1
ForeScout CounterACT Core Extensions Module: DHCP Classifier Plugin Version 2.1 Table of Contents About the DHCP Classifier Plugin... 3 What to Do... 3 Requirements... 3 Verify That the Plugin Is Running...
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
More information2012 Cisco and/or its affiliates. All rights reserved. 1
2012 Cisco and/or its affiliates. All rights reserved. 1 Policy Access Control: Challenges and Architecture UA with Cisco ISE Onboarding demo (BYOD) Cisco Access Devices and Identity Security Group Access
More informationGet Started with Cisco DNA Center
About Cisco DNA Center, on page 1 Log In, on page 1 Log In for the First Time as a Network Administrator, on page 2 Default Home Page, on page 3 Use Global Search, on page 5 Where to Start, on page 6 About
More informationCISCO EXAM QUESTIONS & ANSWERS
CISCO 300-206 EXAM QUESTIONS & ANSWERS Number: 300-206 Passing Score: 800 Time Limit: 120 min File Version: 35.2 http://www.gratisexam.com/ Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network
More informationInterconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview
Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview This course will teach students about building a simple network, establishing internet connectivity, managing network device security,
More informationForeScout CounterACT. Single CounterACT Appliance. Quick Installation Guide. Version 8.0
ForeScout CounterACT Single CounterACT Appliance Version 8.0 Table of Contents Welcome to CounterACT Version 8.0... 4 CounterACT Package Contents... 4 Overview... 5 1. Create a Deployment Plan... 6 Decide
More informationUsing the Web Graphical User Interface
Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 1 Connecting the Console Port of the Device, page 3 Logging On to the Web GUI, page 3 Enabling Web and Secure Web Modes,
More informationCounterACT 7.0 Single CounterACT Appliance
CounterACT 7.0 Single CounterACT Appliance Quick Installation Guide Table of Contents Welcome to CounterACT Version 7.0....3 Included in your CounterACT Package....3 Overview...4 1. Create a Deployment
More informationCUWN Release 8.2 mdns Gateway with Chromecast Support Feature Deployment Guide
CUWN Release 8.2 mdns Gateway with Chromecast Support Feature Deployment Guide Chromecast 2 Deployment Considerations 2 Chromecast Deployment using mdns Gateway/ Feature Benefit 3 Components Used 3 Configuring
More informationClearPass Release Notes
ClearPass 6.6.0 Release Notes Copyright Copyright 2016 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the GNU General Public License, the GNU Lesser
More informationISE Primer.
ISE Primer www.ine.com Course Overview Designed to give CCIE Security candidates an intro to ISE and some of it s features. Not intended to be a complete ISE course. Some topics are not discussed. Provides
More informationForescout. Engine. Configuration Guide. Version 1.3
Forescout Core Extensions Module: Device Classification Engine Version 1.3 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/
More informationCLEARPASS GUEST. A ClearPass Policy Manager Application DATA SHEET KEY FEATURES THE CLEARPASS ADVANTAGES
A ClearPass Policy Manager Application ClearPass Guest is a scalable, easy-to-use visitor management solution that delivers secure automated guest access workflows for visitors, contractors, partners,
More informationCisco ISE Ports Reference
Cisco ISE Infrastructure Cisco ISE Infrastructure, on page 1 Cisco ISE Administration Node Ports, on page 2 Cisco ISE Monitoring Node Ports, on page 4 Cisco ISE Policy Service Node Ports, on page 5 Inline
More informationThe following topics describe how to configure correlation policies and rules.
The following topics describe how to configure correlation policies and rules. Introduction to and Rules, page 1 Configuring, page 2 Configuring Correlation Rules, page 5 Configuring Correlation Response
More informationPolicy Enforcer. Policy Enforcer Connectors Guide. Modified: Copyright 2018, Juniper Networks, Inc.
Policy Enforcer Policy Enforcer Connectors Guide Modified: 2018-05-31 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net Juniper Networks, the Juniper
More informationCisco ISE Endpoint Profiling Policies
Cisco ISE Profiling Service, page 2 Configure Profiling Service in Cisco ISE Nodes, page 4 Network Probes Used by Profiling Service, page 4 Configure Probes per Cisco ISE Node, page 13 Setup CoA, SNMP
More informationGuest Access User Interface Reference
Guest Portal Settings, page 1 Sponsor Portal Application Settings, page 17 Global Settings, page 24 Guest Portal Settings Portal Identification Settings The navigation path for these settings is Work Centers
More informationCLEARPASS CONVERSATION GUIDE
CLEARPASS CONVERSATION GUIDE Purpose: Goal: How to use: This document is designed to help you steer customer discussions with respect to the ClearPass solution. It will be useful as an initial conversation
More informationCisco ISE Ports Reference
Cisco ISE Infrastructure, page 1 Cisco ISE Administration Node Ports, page 2 Cisco ISE Monitoring Node Ports, page 3 Cisco ISE Policy Service Node Ports, page 4 Cisco ISE pxgrid Service Ports, page 8 OCSP
More informationAIRPLAY AND AIRPRINT ON CAMPUS NETWORKS AN ARUBA AIRGROUP SOLUTION GUIDE
AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS AN ARUBA AIRGROUP SOLUTION GUIDE Table of Contents Warning and Disclaimer... 3 Introduction... 4 What is Zero Configuration Networking (zeroconf)?... 5 WLANs and
More informationForeScout CounterACT. Configuration Guide. Version 1.8
ForeScout CounterACT Network Module: Wireless Plugin Version 1.8 Table of Contents About the Wireless Plugin... 4 Wireless Network Access Device Terminology... 6 How It Works... 6 About WLAN Controller/Lightweight
More informationWhatsConnected v3.5 User Guide
WhatsConnected v3.5 User Guide Contents Table of Contents Welcome to WhatsConnected Finding more information and updates... 5 Installing and Configuring WhatsConnected System requirements... 6 Installation
More informationCounterACT 7.0. Quick Installation Guide for a Single Virtual CounterACT Appliance
CounterACT 7.0 Quick Installation Guide for a Single Virtual CounterACT Appliance Table of Contents Welcome to CounterACT Version 7.0... 3 Overview... 4 1. Create a Deployment Plan... 5 Decide Where to
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, page 1 The User
More informationSUPPORT GUIDELINE CASE OPENING GUIDELINES ARUBA NETWORKS TECHNICAL SUPPORT
SUPPORT GUIDELINE ARUBA NETWORKS TECHNICAL SUPPORT CONTENTS Case Opening Guideline - Common... 3 Case Opening Guideline - ArubaOS... 5 Case Opening Guideline - Clearpass... 6 Case Opening Guideline - AirWave...
More informationQuick St Copyright (c) Silve
Quick St Copyright (c) Silve Index Introduction Which Spore do you have? Default settings Summary of required and optional steps Getting started; connecting your Spore to the network Changing user names
More informationGet Success in Passing Your Certification Exam at first attempt!
Get Success in Passing Your Certification Exam at first attempt! Vendor: Cisco Exam Code: 300-206 Exam Name: Implementing Cisco Edge Network Security Solutions Version: Demo QUESTION NO: 1 If you encounter
More informationUser Identity Sources
The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The
More informationUsing the Web Graphical User Interface
Prerequisites for Using the Web GUI, page 1 Information About Using The Web GUI, page 2 Connecting the Console Port of the Switch, page 3 Logging On to the GUI, page 4 Enabling Web and Secure Web Modes,
More informationCounterACT Wireless Plugin
CounterACT Wireless Plugin Version 1.7.0 Table of Contents About the Wireless Plugin... 4 Wireless Network Access Device Terminology... 5 How It Works... 6 About WLAN Controller/Lightweight Access Points...
More informationDeploy the ExtraHop Discover 3100, 6100, 8100, or 9100 Appliances
Deploy the ExtraHop Discover 3100, 6100, 8100, or 9100 s Published: 2017-12-29 This guide explains how to install the rack-mounted EDA 3100, EDA 6100, EDA 8100, and EDA 9100 ExtraHop Discover appliances.
More information6.1. Getting Started Guide
6.1 Getting Started Guide Netmon Getting Started Guide 2 Contents Contents... 2 Appliance Installation... 3 IP Address Assignment (Optional)... 3 Logging In For the First Time... 5 Initial Setup... 6 License
More informationConfigure Smartport Properties on a Switch through the CLI
Configure Smartport Properties on a Switch through the CLI Objective This article provides instructions on how to configure auto smartport properties on your switch through the CLI. To configure smartports
More informationNEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL
PORTNOX PLATFORM NEXT GENERATION SOLUTION FOR NETWORK ACCESS MANAGEMNT & CONTROL Portnox s Network Access Control Platform traverses across all network layers, whether physical, virtual or in the cloud
More informationHost Identity Sources
The following topics provide information on host identity sources: Overview: Host Data Collection, on page 1 Determining Which Host Operating Systems the System Can Detect, on page 2 Identifying Host Operating
More informationConfigure Link Layer Discovery Protocol (LLDP) Properties on a Switch
Configure Link Layer Discovery Protocol (LLDP) Properties on a Switch Objective Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) provides additional capabilities to support media endpoint
More informationFree4Dump. Free demo and valid vce dump for certification exam prep
Free4Dump http://www.free4dump.com Free demo and valid vce dump for certification exam prep Exam : HPE6-A44 Title : Scalable WLAN Design and Implementation (SWDI) 8 Vendor : HP Version : DEMO Get Latest
More informationCisco NAC Profiler Architecture Overview
CHAPTER 2 Topics in this chapter include: Overview, page 2-1 Cisco NAC Profiler System Deployment Model, page 2-3 Cisco NAC Profiler Usage: Port Provisioning and Endpoint Directory, page 2-4 Overview Cisco
More informationDeploy the ExtraHop Trace 6150 Appliance
Deploy the ExtraHop Trace 6150 Appliance Published: 2018-04-20 This guide explains how to install the rack-mounted ETA 6150 ExtraHop Trace appliances. System requirements This guide explains how to install
More informationConfiguring Local Policies
Finding Feature Information, on page 1 Restrictions for, on page 1 Information About, on page 2 How to Configure Local Policies, on page 3 Monitoring Local Policies, on page 8 Examples: Local Policies
More informationUsing the Cisco NAC Profiler Endpoint Console
CHAPTER 15 Topics in this chapter include: Overview, page 15-1 Display Endpoints by Profile, page 15-4 Display Endpoints by Device Port, page 15-9 Unauthorized Endpoints, page 15-12 Endpoint Directory
More informationArubaOS 6.2. Quick Start Guide. Install the Controller. Initial Setup Using the WebUI Setup Wizard
ArubaOS 6.2 Quick Start Guide This document describes the initial setup of an Aruba user-centric network that consists of an Aruba controller and Aruba Access Points (APs). The installation consists of
More informationMonitoring Windows Systems with WMI
Monitoring Windows Systems with WMI ScienceLogic version 8.8.1 Table of Contents Introduction 4 Monitoring Windows Devices in the ScienceLogic Platform 5 What is SNMP? 5 What is WMI? 5 PowerPacks 5 Configuring
More informationBEST PRACTICE - NAC AUF ARUBA SWITCHES. Rollenbasierte Konzepte mit Aruba OS Switches in Verbindung mit ClearPass Vorstellung Mobile First Features
BEST PRACTICE - NAC AUF ARUBA SWITCHES Rollenbasierte Konzepte mit Aruba OS Switches in Verbindung mit ClearPass Vorstellung Mobile First Features Agenda 1 Overview 2 802.1X Authentication 3 MAC Authentication
More informationBYOD: BRING YOUR OWN DEVICE.
white paper BYOD: BRING YOUR OWN DEVICE. On-BOaRDING and Securing DEVICES IN YOUR Corporate NetWORk PrepaRING YOUR NetWORk to MEEt DEVICE DEMaND The proliferation of smartphones and tablets brings increased
More informationACE Live on RSP: Installation Instructions
ACE Live on RSP ACE Live on RSP: Installation Instructions These installation instructions apply to OPNET ACE Live on RSP Release 7.1.3. You can find the latest version of this document at the OPNET Support
More informationFortiNAC Motorola Wireless Controllers Integration
FortiNAC Motorola Wireless Controllers Integration Version: 8.x Date: 8/29/2018 Rev: B FORTINET DOCUMENT LIBRARY http://docs.fortinet.com FORTINET VIDEO GUIDE http://video.fortinet.com FORTINET KNOWLEDGE
More informationISE Express Installation Guide. Secure Access How -To Guides Series
ISE Express Installation Guide Secure Access How -To Guides Series Author: Jason Kunst Date: September 10, 2015 Table of Contents About this Guide... 4 How do I get support?... 4 Using this guide... 4
More informationForescout. Quick Installation Guide. Single Appliance. Version 8.1
Forescout Version 8.1 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationManage Your Inventory
About Inventory About Inventory, on page 1 Inventory and Cisco ISE Authentication, on page 6 Add a Device Manually, on page 7 Integrate Meraki Dashboard, on page 10 Filter Devices, on page 11 Change Devices
More informationDeploy the ExtraHop Explore 5100 Appliance
Deploy the ExtraHop Explore 5100 Appliance Published: 2018-09-25 In this guide, you will learn how to configure the rack-mounted EXA 5100 ExtraHop Explore appliance and to join multiple Explore appliances
More informationConfigure Controller and AP Settings
Configure SNMP Credentials for Rogue AP Tracing, on page 1 Configure Protocols for CLI Sessions, on page 2 Enable Unified AP Ping Reachability Settings on the Prime Infrastructure, on page 2 Refresh Controllers
More informationForescout. Configuration Guide. Version 11.0
Forescout Version 11.0 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationSet Up Policy Conditions
Policy Conditions, page 1 Simple and Compound Conditions, page 1 Policy Evaluation, page 2 Create Simple Conditions, page 2 Create Compound Conditions, page 3 Profiler Conditions, page 4 Posture Conditions,
More informationVendor: Cisco. Exam Code: Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0. Version: Demo
Vendor: Cisco Exam Code: 642-737 Exam Name: Implementing Advanced Cisco Unified Wireless Security (IAUWS) v2.0 Version: Demo QUESTION 1 Which statement describes the major difference between PEAP and EAP-FAST
More information8.5 Identity PSK Feature Deployment Guide
8.5 Identity PSK Feature Deployment Guide Product or Feature Overview 2 IPSK solution 3 Configurations Steps for IPSK in 8.5 release 3 Controller Configuration Steps 6 WLC Local Policies Combined with
More informationReal4Test. Real IT Certification Exam Study materials/braindumps
Real4Test http://www.real4test.com Real IT Certification Exam Study materials/braindumps Exam : 400-351 Title : CCIE Wireless Vendor : Cisco Version : DEMO Get Latest & Valid 400-351 Exam's Question and
More informationNAC: LDAP Integration with ACS Configuration Example
NAC: LDAP Integration with ACS Configuration Example Document ID: 107285 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configuration Flow Chart Diagram
More informationAccess Guardian and BYOD in AOS Release 8.1.1
Access Guardian and BYOD in AOS Release 8.1.1 Configuration Guide through Use Cases Copyright 2014 by Alcatel-Lucent All rights reserved Alcatel-Lucent, 26801 West Agoura Road, Calabasas, CA 91301, USA
More informationDES-3528/52 Series Firmware Release Notes
: Prom Code : v1.00.b007 Published: 2009/3/20 These release notes include important information about D-Link switch firmware revisions. Verify that these release notes are correct for your switch: - If
More informationDeploy the ExtraHop Discover Appliance in Azure
Deploy the ExtraHop Discover Appliance in Azure Published: 2018-04-20 The following procedures explain how to deploy an ExtraHop Discover virtual appliance in a Microsoft Azure environment. You must have
More informationManage Your Inventory
About Inventory About Inventory, on page 1 Inventory and Cisco ISE Authentication, on page 2 Display Information About Your Inventory, on page 2 Types of Devices in the DNA Center Inventory, on page 6
More informationConfigure Site Network Settings
About Global Network Settings, page 1 About Device Credentials, page 2 Configure Global Device Credentials, page 4 Configure IP Address Pools, page 9 Configure Global Network Servers, page 9 Configure
More informationThe University of Toledo Intune End-User Enrollment Guide:
The University of Toledo Intune End-User Enrollment Guide: Contents Enroll your Android device in Intune... 2 Enroll your ios device in Intune... 15 Enroll your Mac OS X device in Intune... 25 Enroll your
More informationSupport Device Access
Personal Devices on a Corporate Network (BYOD), on page 1 Personal Device Portals, on page 2 Support Device Registration Using Native Supplicants, on page 8 Device Portals Configuration Tasks, on page
More informationSwitch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions
Switch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions To ensure Cisco ISE is able to interoperate with network switches and functions from Cisco ISE are successful across
More informationConfigure Global Link Layer Discovery Protocol (LLDP) Settings on a Switch through the Command Line Interface (CLI)
Configure Global Link Layer Discovery Protocol (LLDP) Settings on a Switch through the Command Line Interface (CLI) Objective Link Layer Discovery Protocol (LLDP) Media Endpoint Discovery (MED) provides
More informationPer-WLAN Wireless Settings
DTIM Period, page 1 Off-Channel Scanning Deferral, page 3 Cisco Client Extensions, page 10 Client Profiling, page 12 Client Count per WLAN, page 15 DTIM Period Information About DTIM Period In the 802.11
More informationVendor: Cisco. Exam Code: Exam Name: Designing Cisco Data Center Unified Fabric (DCUFD) Version: Demo
Vendor: Cisco Exam Code: 642-996 Exam Name: Designing Cisco Data Center Unified Fabric (DCUFD) Version: Demo DEMO QUESTION 1 Which three Cisco technologies or solutions are used during the virtualization
More information